Chronicle, Alphabet’s enterprise security company, released a new version of its VirusTotal malware and virus scanner targeting enterprise customers. VirusTotal Enterprise searches 100 times faster than the earlier version. It also includes other new capabilities to help companies’ threat intelligence teams analyze massive amounts of data.
Chronicle was originally part of Alphabet’s secretive X research lab and then launched as an independent business in January. Shortly after that VirusTotal, which Google acquired in 2012, became part of Chronicle. The service lets users select a file from their computer and upload it to VirusTotal, which scans it with more than 70 antivirus engines and checks it against domain blacklisting services.
In addition to VirusTotal, Chronicle is building an analytics platform that will use machine learning and advanced search capabilities to give companies better insight into the threats. It’s working with a few dozen Fortune 500 companies to test the platform, which doesn’t have a release date.
VirusTotal has “millions of users, and a good chunk of those are paying customers,” said Rick Caccia, chief marketing officer at Chronicle. (It also has a free version for non-commercial use.) Users include threat researchers, governments, other security vendors, and Fortune 500 companies.
Today’s release incorporates new features that these large enterprises wanted, said Mike Wiacek, chief security officer and Chronicle co-founder. It allows security teams to search for malware samples, hunt for future malware samples, analyze and graph malware relationships, and automate all of these tasks with an API. The service benefits from Google’s infrastructure to expand its search and analysis capabilities, and Chronicle’s focus on securing enterprise networks, he said.
“VT Enterprise is a natural evolution for VirusTotal, benefitting from being part of Alphabet and being able to add functionality and capabilities that we really could not do anywhere else,” Wiacek said. “It also benefits from Chronicle because a lot of people on the team here have deep enterprise experience.”
Earlier this year the company launched VirusTotal Graph, a visualization tool built on top of VirusTotal’s data set. “It’s a new way of seeing how malware files relate to each other and the network infrastructure that they communicate with,” Wiacek said. “It really helps facilitate the discovery of new malware and variants of malware, and helps supercharge the ability of threat researchers to do their job.”
Today’s release adds a feature called Private Graph. This allows companies to create visualizations of malware relationships and link to internal information — and keep these graphs private so that they are not shared with other VirusTotal users. This means that enterprises can include information about assets such as machines, people, departments, and email within a graph. They can also keep ongoing threat research and incident investigations private.
“So now what I’m seeing is a fused graph being pulled from VirusTotal’s corpus as well as data that’s unique to my enterprise,” Wiacek said. “I have a place to store that data, keep it secret, and then collaborate on it with the security team.”
The new enterprise product also lets companies protect account access with the two-factor authentication they already use. Additionally, new API management of corporate groups keeps internal user directories synced with VirusTotal, so when a security professional leaves the company their access to the VirusTotal Enterprise account can be removed automatically rather than lingering as an orphaned login.
In addition to 100-times faster search, the service improves search accuracy by adding search parameters such as icons shared across files and spam emails that share a common layout. The malware analysis also shows new details about uploaded files, such as embedded domains, IP addresses, and strings ranked by how interesting they are likely to be to an analyst.
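The embedded-domain, IP-address and ranked-string details described above are the output of static string extraction plus a scoring heuristic. The following is an added example written for this page, not VirusTotal’s or Chronicle’s code, of what such an extractor does: it pulls ASCII and UTF-16LE strings from a constructed byte blob, classifies each as URL, IPv4 address, domain, Windows path, registry key or other, and ranks them by an interest score. The sample bytes, the category weights, the “boring” and “suspicious” lists and the file-extension filter are all assumptions chosen for illustration; real analyzers use far larger lists and more signals.

```python
import re
from collections import Counter

# Constructed sample resembling a tiny Windows binary with embedded strings.
# This is made-up test data, not a real malware sample.
SAMPLE = (
    b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 8
    + b"This program cannot be run in DOS mode.\x00"
    + b"kernel32.dll\x00GetProcAddress\x00LoadLibraryA\x00"
    + b"http://update.example-cdn.net/payload.bin\x00"
    + b"192.0.2.44\x00" + b"999.1.1.1\x00"          # second one is not a valid IPv4
    + b"C:\\Users\\Public\\svchost.exe\x00"
    + b"cmd.exe /c del %0\x00"
    + b"AAAAAAAAAAAAAAAAAAAAAAAA\x00"                # padding-style junk
    + b"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
    + b"\x01\x7f\x80\xff"                             # non-printable filler
    + "beacon.example-cdn.net".encode("utf-16-le") + b"\x00\x00"  # wide string
)

IPV4_RE = re.compile(r"^(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)$")
URL_RE = re.compile(r"^(?:https?|ftp)://([^/\s:]+)", re.I)
DOMAIN_RE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$", re.I)
WINPATH_RE = re.compile(r"^[a-z]:\\", re.I)
REGKEY_RE = re.compile(r"^(?:HKEY_[A-Z_]+|SOFTWARE|SYSTEM)\\", re.I)

# Assumed lists: domain-shaped names that are really filenames, strings present in
# nearly every PE, and substrings that usually signal persistence or execution.
FILE_EXT = {"dll", "exe", "sys", "dat", "bin", "ini", "tmp", "log", "txt"}
BORING = {"getprocaddress", "loadlibrarya", "this program cannot be run in dos mode."}
SUSPICIOUS = ("cmd.exe", "powershell", "rundll32", "schtasks", "currentversion\\run", "temp\\")
WEIGHT = {"url": 50, "domain": 40, "ipv4": 40, "registry": 25, "path": 20, "file": 10, "other": 0}


def extract_strings(data, min_len=4):
    """Return (string, encoding) pairs: printable ASCII runs and UTF-16LE runs,
    similar to `strings -e s` and `strings -e l`."""
    found = []
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data):
        found.append((m.group().decode("ascii"), "ascii"))
    for m in re.finditer(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data):
        found.append((m.group().decode("utf-16-le"), "utf-16le"))
    return found


def classify(s):
    """Bucket a string by shape. Domain-shaped names ending in a file extension
    (kernel32.dll) are filenames, not domains; a naive extractor gets this wrong."""
    if IPV4_RE.match(s):
        return "ipv4"
    if URL_RE.match(s):
        return "url"
    if WINPATH_RE.match(s):
        return "path"
    if REGKEY_RE.match(s):
        return "registry"
    if DOMAIN_RE.match(s):
        return "file" if s.rsplit(".", 1)[1].lower() in FILE_EXT else "domain"
    return "other"


def score(s, category):
    """Interest heuristic: category weight, a small length bonus, a bonus per
    suspicious keyword, and zero for boring or low-diversity (padding) strings."""
    low = s.lower()
    if low in BORING:
        return 0
    if Counter(low).most_common(1)[0][1] / len(low) > 0.6:
        return 0
    sc = WEIGHT[category] + min(len(s), 40) // 4
    sc += 30 * sum(k in low for k in SUSPICIOUS)
    return sc


def rank_strings(data, min_score=1):
    """Return [(string, category, score)] sorted from most to least interesting."""
    seen = {}
    for s, _enc in extract_strings(data):
        cat = classify(s)
        seen[s] = (s, cat, score(s, cat))
    ranked = [t for t in seen.values() if t[2] >= min_score]
    return sorted(ranked, key=lambda t: (-t[2], t[0]))


def indicators(data):
    """Collect network indicators, pulling the host out of any embedded URL."""
    iocs = {"urls": set(), "domains": set(), "ipv4": set()}
    for s, _enc in extract_strings(data):
        cat = classify(s)
        if cat == "url":
            iocs["urls"].add(s)
            host = URL_RE.match(s).group(1)
            iocs["ipv4" if IPV4_RE.match(host) else "domains"].add(host)
        elif cat in ("domain", "ipv4"):
            iocs["domains" if cat == "domain" else "ipv4"].add(s)
    return {k: sorted(v) for k, v in iocs.items()}


if __name__ == "__main__":
    for s, cat, sc in rank_strings(SAMPLE):
        print(f"{sc:3d} {cat:9s} {s}")
    print(indicators(SAMPLE))
```

Two details matter in practice: the extension filter is what keeps `kernel32.dll` out of the domain list, and a low-diversity check drops padding runs that would otherwise be long and therefore "interesting". Scoring is where products differ; the weights here are only a starting point.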
“We are leveraging the technical capabilities we have with being part of Alphabet, so we can take something that would have been a multi-hour search and do it in just a few seconds,” Wiacek said. “It takes the entire process of how you actually conduct threat hunting and flips it on its head.”